lame-servers and network unreachable errors
Alex
mysqlstudent at gmail.com
Tue Mar 6 02:21:01 UTC 2012
Hi,
I have a fedora15 box with bind-9.8.2 running as master for one zone,
and having some problems with lame-servers and "network unreachable"
messages. I believe I understand what a lame-server is, but don't
understand why there would also be a "network unreachable" message
attached to it:
05-Mar-2012 21:10:54.733 lame-servers: info: error (network
unreachable) resolving '82.8.193.122.zen.spamhaus.org/A/IN':
2001:7b8:3:1f:0:2:53:2#53
05-Mar-2012 21:11:58.640 lame-servers: info: error (network
unreachable) resolving 'dns1.iplanisp.com.ar/A/IN': 2001:67c:e0::59#53
05-Mar-2012 21:11:58.640 lame-servers: info: error (network
unreachable) resolving 'dns2.iplanisp.com.ar/A/IN': 2001:67c:e0::59#53
05-Mar-2012 21:11:58.640 lame-servers: info: error (network
unreachable) resolving 'dns1.iplanisp.com.ar/AAAA/IN':
2001:67c:e0::59#53
05-Mar-2012 21:11:58.640 lame-servers: info: error (network
unreachable) resolving 'dns2.iplanisp.com.ar/AAAA/IN':
2001:67c:e0::59#53
05-Mar-2012 21:11:59.446 lame-servers: info: error (network
unreachable) resolving '73.113.26.69.zen.spamhaus.org/A/IN':
2001:7b8:3:1f:0:2:53:1#53
05-Mar-2012 21:11:59.446 lame-servers: info: error (network
unreachable) resolving 'ns1.mirohost.net/A/IN':
2a02:2278:70eb:199::196:43#53
05-Mar-2012 21:11:59.447 lame-servers: info: error (network
unreachable) resolving 'ns1.mirohost.net/A/IN': 2a01:758:fffc:6::2#53
05-Mar-2012 21:11:59.447 lame-servers: info: error (network
unreachable) resolving 'ns1.mirohost.net/A/IN':
2a01:4f8:100:22a6:188:40:253:34#53
05-Mar-2012 21:11:59.625 lame-servers: info: error (network
unreachable) resolving '112.193.69.200.zen.spamhaus.org/A/IN':
2001:7b8:3:1f:0:2:53:2#53
I'm sorry if that isn't very legible. How can I troubleshoot this? It
isn't every query, but quite a few queries are resulting in this
unreachable error.
I've included my named.conf below in hopes someone can point out a
configuration issue. It contains one master zone; a local spam
blacklist.
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; 68.XXX.YYY.45; } keys { "rndc-key"; };
};
acl "trusted" {
{ 127/8; };
{ 67.XXX.YYY.224/28; };
{ 67.XXX.YYY.0/26; };
{ 192.168.1.0/24; };
};
options {
listen-on port 53 { 127.0.0.1; 68.XXX.YYY.45; };
listen-on-v6 { none; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named.stats";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 68.XXX.YYY.45/32; };
recursion yes;
zone-statistics yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
// Record all queries to the box for now
channel query_info {
severity info;
file "/var/log/named.query.log" versions 3 size 10m;
print-time yes;
print-category yes;
};
// added for fail2ban support
channel security_file {
severity dynamic;
file "/var/log/named.security.log" versions 3 size 30m;
print-time yes;
print-category yes;
};
channel b_debug {
file "/var/log/named.debug.log" versions 2 size 10m;
print-time yes;
print-category yes;
print-severity yes;
severity dynamic;
};
category queries { query_info; };
category default { b_debug; };
category config { b_debug; };
category security { security_file; };
};
zone "." IN {
type hint;
file "named.ca";
};
zone "sbl.example.com" {
type slave;
file "slaves/db.sbl.example.com";
masters { 64.XXX.YYY.5; };
allow-transfer { none; };
allow-query { trusted; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/rndc.key";
Thanks,
Alex
More information about the bind-users
mailing list